fix(runtime): implement __proto__ getter, ignore and warn on setter

cli/tsc/99_main_compiler.js

@@ -8,11 +8,21 @@
 // that is created when Deno needs to type check TypeScript, and in some
 // instances convert TypeScript to JavaScript.
 
-// Removes the `__proto__` for security reasons.
+// Disables setting `__proto__` and emits a warning instead, for security reasons.
 // https://tc39.es/ecma262/#sec-get-object.prototype.__proto__
-delete Object.prototype.__proto__;
-
-((window) => {
+// deno-lint-ignore prefer-primordials
+Object.defineProperty(Object.prototype, "__proto__", {
+  configurable: true,
+  enumerable: false,
+  get() {
+    return Object.getPrototypeOf(this);
+  },
+  set(_) {
+    console.warn(
+      "Prototype access via __proto__ attempted; __proto__ is not implemented in Deno due to security reasons. Use Object.setPrototypeOf instead.",
+    );
+  },
+})((window) => {
   /** @type {DenoCore} */
   const core = window.Deno.core;
   const ops = core.ops;

runtime/js/99_main.js

@@ -1,9 +1,21 @@
 // Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
 "use strict";
 
-// Removes the `__proto__` for security reasons.
+// Disables setting `__proto__` and emits a warning instead, for security reasons.
 // https://tc39.es/ecma262/#sec-get-object.prototype.__proto__
-delete Object.prototype.__proto__;
+// deno-lint-ignore prefer-primordials
+Object.defineProperty(Object.prototype, "__proto__", {
+  configurable: true,
+  enumerable: false,
+  get() {
+    return Object.getPrototypeOf(this);
+  },
+  set(_) {
+    console.warn(
+      "Prototype access via __proto__ attempted; __proto__ is not implemented in Deno due to security reasons. Use Object.setPrototypeOf instead.",
+    );
+  },
+});
 
 // Remove Intl.v8BreakIterator because it is a non-standard API.
 delete Intl.v8BreakIterator;